Despite a lack of sophistication, the adversary has remained under the radar by keeping their operation small and by using off-the-shelf malware and several cryptors bought on online forums.
While focusing on the aviation industry, the adversary has conducted other campaigns as well, and has been observed spreading AsyncRAT and njRAT for their nefarious purposes. Infected organizations, Talos notes, could fall victim to data theft, financial fraud, or other cyberattacks.